Finally I got OpenVPN up and running, but now I really miss accessing all my webservices (apache, ftp, ssh etc.) through the VPN server. Is there a simple way to route all traffic from my wlan1 device to tap0?

You need to provide more detail on your setup. What's the client and the server, what are you trying to access and from where? Is all traffic going via the VPN server or only certain subnets?
– mgorven, Feb 12 '13 at 17:36

@mgorven, the only purpose of the VPN is to access the webservices when I'm at my university. I would like to access my network the same way as when I'm home on the WLAN. My question has been edited; I hope I have supplied enough info.
– JavaCake, Feb 12 '13 at 17:57

1 Answer

You still haven't provided much detail, so I'm going to guess that your setup is as follows. You usually access services on your server by its public IP (or a hostname which resolves to it), e.g. http://1.2.3.4/. When you start the VPN, OpenVPN connects to that same public IP 1.2.3.4, and while the VPN is up you access services using the server's private VPN IP, e.g. http://10.8.0.1/. You want to be able to use the public IP regardless of whether the VPN is up or not.

The best solution is to use a separate IP for the OpenVPN server because it greatly simplifies the routing. I'm assuming you don't have this option however.

The problem is that even when you're routing all traffic over the VPN, traffic to the VPN server's public IP must be routed out the default gateway in order for the encrypted VPN packets to actually get there. The routing table looks something like this:

Since the other services you're trying to access use the same IP as the VPN server, they also get routed directly out the default gateway. The only way around this is to use port-based routing, which is set up like this:

Create a new routing table (only needs to be done once):

echo 1 vpn >> /etc/iproute2/rt_tables

Route everything using this new table via the VPN:

ip route add default via 10.8.0.1 table vpn

Tell the kernel to use this new table for all packets with a specific firewall mark:

ip rule add fwmark 0x01 lookup vpn

Set up firewall rules to mark the packets you want to route via the VPN:
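The steps above collected into one script, as an added example that is not part of the original answer. The table id, table name, mark, gateway and public IP are the page's values; the port list and the iptables mangle/OUTPUT marking rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): port-based routing via the VPN.
TABLE_ID=1          # from the page
TABLE_NAME=vpn      # from the page
FWMARK=0x01         # from the page
VPN_GW=10.8.0.1     # from the page (server's private VPN IP)
SERVER_IP=1.2.3.4   # the page's example public IP
PORTS="22 80"       # assumed: ssh and http; adjust to the services you use

# Register the table name exactly once in the given rt_tables file ($1).
# A plain "echo >>" run twice leaves duplicate lines, and id 1 may already
# belong to another table, so check both before appending.
register_table() {
    local file=$1
    if grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" "$file"; then
        return 0    # already registered, nothing to do
    fi
    if grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]|^[[:space:]]*[0-9]+[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" "$file"; then
        echo "table id $TABLE_ID or name $TABLE_NAME is already in use in $file" >&2
        return 1
    fi
    echo "$TABLE_ID $TABLE_NAME" >> "$file"
}

# Print the routing and marking commands without running them, so they can
# be reviewed first. Only the listed TCP ports are marked; the OpenVPN
# transport to the same IP stays unmarked and keeps using the default gateway.
plan() {
    local p
    echo "ip route add default via $VPN_GW table $TABLE_NAME"
    echo "ip rule add fwmark $FWMARK lookup $TABLE_NAME"
    for p in $PORTS; do
        # assumed rule form: mark locally generated packets in mangle/OUTPUT
        echo "iptables -t mangle -A OUTPUT -d $SERVER_IP -p tcp --dport $p -j MARK --set-mark $FWMARK"
    done
}

# Running the script only prints the plan. To apply it as root:
#   register_table /etc/iproute2/rt_tables && plan | sh -e
plan
```

After applying, `ip rule show` and `ip route show table vpn` confirm that the rule and the table's default route are in place. If marked connections still hang, check the source address leaving tap0 and the `net.ipv4.conf.tap0.rp_filter` setting, since the rerouted packets were originally addressed for the default route.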